
GnuPG fails to connect to 127.0.0.1 when many domains are specified in /etc/hosts
Open, Normal, Public

Description

I'm running a test suite against a mocked HKP server on localhost. I'm specifically using hkp://127.0.0.1 to avoid any DNS lookups. Nevertheless, GnuPG attempts to use DNS and fails, apparently because it doesn't allocate a large enough buffer:

2019-10-25 08:34:50 dirmngr[118495] listening on socket '/run/user/1000/gnupg/d.zn5hout1pfhjjyp74m8pfdxe/S.dirmngr'
2019-10-25 08:34:50 dirmngr[118496.0] permanently loaded certificates: 141
2019-10-25 08:34:50 dirmngr[118496.0]     runtime cached certificates: 0
2019-10-25 08:34:50 dirmngr[118496.0]            trusted certificates: 141 (140,0,0,1)
2019-10-25 08:34:50 dirmngr[118496.0] failed to open cache dir file '/tmp/tmp4teki88d/crls.d/DIR.txt': No such file or directory
2019-10-25 08:34:50 dirmngr[118496.0] creating directory '/tmp/tmp4teki88d/crls.d'
2019-10-25 08:34:50 dirmngr[118496.0] new cache dir file '/tmp/tmp4teki88d/crls.d/DIR.txt' created
2019-10-25 08:34:50 dirmngr[118496.0] error enabling fast daemon termination: Too many open files
2019-10-25 08:34:50 dirmngr[118496.5] handler for fd 5 started
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> # Home: /tmp/tmp4teki88d
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> # Config: /tmp/tmp4teki88d/dirmngr.conf
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK Dirmngr 2.2.17 at your service
2019-10-25 08:34:50 dirmngr[118496.5] connection from process 118493 (1000:1000)
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- GETINFO version
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> D 2.2.17
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KEYSERVER --clear hkp://127.0.0.1:32147
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KEYSERVER
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> S KEYSERVER hkp://127.0.0.1:32147
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KS_GET -- 0x81E12C16BD8DCD60BE180845136880E72A7B1384
2019-10-25 08:34:50 dirmngr[118496.5] resolve_dns_addr failed while checking '127.0.0.1': Buffer too short
2019-10-25 08:34:50 dirmngr[118496.5] number of system provided CAs: 140
2019-10-25 08:34:50 dirmngr[118496.5] can't connect to '127.0.0.1': no IP address for host
2019-10-25 08:34:50 dirmngr[118496.5] error connecting to 'http://127.0.0.1:32147': Unknown host
2019-10-25 08:34:50 dirmngr[118496.5] marking host '127.0.0.1' as dead
2019-10-25 08:34:50 dirmngr[118496.5] host '127.0.0.1' marked as dead
2019-10-25 08:34:50 dirmngr[118496.5] command 'KS_GET' failed: No keyserver available
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> ERR 167772346 No keyserver available <Dirmngr>
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- BYE
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK closing connection
2019-10-25 08:34:50 dirmngr[118496.5] handler for fd 5 terminated

That's probably the direct cause:

$ grep 127.0.0.1 /etc/hosts | wc -l
3056

If GnuPG insists on doing unnecessary DNS lookups, it could at least be equipped to handle large results. Or at least handle failures gracefully.

Details

Version
2.2.17
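
A triage sketch for the failure pattern in the log above, added here as an example; it is not part of the report and not GnuPG code. It flags IP-literal keyserver hosts whose `resolve_dns_addr` check failed and reports whether dirmngr then marked them dead, together with the number of hosts-file lines for that address. The function names are hypothetical and the hosts file is a constructed sample.

```python
import ipaddress
import re
from collections import Counter

LINE = re.compile(r"dirmngr\[[\d.]+\] (.*)$")
RESOLVE_FAIL = re.compile(r"resolve_dns_addr failed while checking '([^']+)': (.+)")
MARKED_DEAD = re.compile(r"host '([^']+)' marked as dead")

# Log lines copied from the report; the hosts file is a constructed sample.
SAMPLE_LOG = """\
2019-10-25 08:34:50 dirmngr[118496.5] resolve_dns_addr failed while checking '127.0.0.1': Buffer too short
2019-10-25 08:34:50 dirmngr[118496.5] can't connect to '127.0.0.1': no IP address for host
2019-10-25 08:34:50 dirmngr[118496.5] marking host '127.0.0.1' as dead
2019-10-25 08:34:50 dirmngr[118496.5] host '127.0.0.1' marked as dead
2019-10-25 08:34:50 dirmngr[118496.5] command 'KS_GET' failed: No keyserver available
"""
SAMPLE_HOSTS = "\n".join(
    ["# constructed sample", "127.0.0.1 localhost", "::1 localhost"]
    + [f"127.0.0.1 blocked{i}.example" for i in range(5)]
)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def hosts_lines(hosts_text):
    """Count hosts-file lines per address, ignoring comments and blanks."""
    counts = Counter()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and is_ip_literal(fields[0]):
            counts[fields[0]] += 1
    return counts

def triage(log_text, hosts_text):
    """List IP-literal hosts whose reverse lookup failed, with context."""
    entries, failed, dead = hosts_lines(hosts_text), {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        msg = m.group(1) if m else ""
        if r := RESOLVE_FAIL.match(msg):
            failed[r.group(1)] = r.group(2)   # host -> error text
        elif d := MARKED_DEAD.match(msg):
            dead.add(d.group(1))
    return [{"host": h, "error": e, "marked_dead": h in dead, "hosts_lines": entries[h]}
            for h, e in failed.items() if is_ip_literal(h)]
```

A non-empty result with `marked_dead` set means a keyserver given as an address literal was dropped after the reverse-lookup check, which is the situation the report describes.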